Seamless data masking for PaaS based applications

US 9,858,431 B2
Filed: 11/01/2015
Issued: 01/02/2018
Est. Priority Date: 11/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing a platform as a service (PaaS) software, including a plurality of software environments, on a computer;

deploying a software application in one of the software environments of the PaaS software;

executing a data masking engine in one of the software environments of the PaaS software, wherein the data masking engine monitors inbound or outbound traffic of the deployed software application, passing through endpoints of the software application, supplied by the PaaS software;

defining, for the data masking engine, one or more data masking rules;

detecting, by the data masking engine, data processed by the software application in accordance with a given data masking rule; and

performing, by the data masking engine, a data masking operation on the detected data in accordance with the given data masking rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, computing systems and computer program products implement embodiments of the present invention that include defining, for a data masking engine executing in a platform as a service (PaaS) based software environment, one or more data masking rules. Upon detecting, by the data masking engine, data processed by a software application executing within the PaaS based software environment and in accordance with a given data masking rule, the data masking engine can perform a data masking operation on the data.

17 Citations

View as Search Results

16 Claims

1. A method, comprising:
- providing a platform as a service (PaaS) software, including a plurality of software environments, on a computer;
  
  deploying a software application in one of the software environments of the PaaS software;
  
  executing a data masking engine in one of the software environments of the PaaS software, wherein the data masking engine monitors inbound or outbound traffic of the deployed software application, passing through endpoints of the software application, supplied by the PaaS software;
  
  defining, for the data masking engine, one or more data masking rules;
  
  detecting, by the data masking engine, data processed by the software application in accordance with a given data masking rule; and
  
  performing, by the data masking engine, a data masking operation on the detected data in accordance with the given data masking rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the plurality of software environments comprise software containers.
  - 3. The method according to claim 1, wherein the data masking operation is selected from a group consisting of masking the data and unmasking the data.
  - 4. The method according to claim 1, wherein the data masking engine is executed in a first software environment, and the software application is deployed in a second software environment, different from the first software environment.
  - 5. The method according to claim 4, wherein the data masking engine is executed in a first software container, and the software application is deployed in a second software container, different from the first software container.
  - 6. The method according to claim 5, wherein the data masking engine masks traffic of a plurality of software applications deployed in a plurality of respective software containers.
  - 7. The method according to claim 1, wherein the data masking engine and the software application are in a same software environment.
  - 8. The method according to claim 1, wherein the data masking engine enforces one or more specific masking rules on traffic of a plurality of software applications.

9. An apparatus, comprising:
- a memory configured to store code of a platform as a service (PaaS) software; and
  
  a processor configured;
  
  to run the code of the PaaS, to provide a PaaS including a plurality of software environments;
  
  to deploy a software application in one of the software environments of the PaaS software;
  
  to execute a data masking engine in one of the software environments of the PaaS software, wherein the data masking engine monitors inbound or outbound traffic of the deployed software application, passing through endpoints of the software application, supplied by the PaaS software;
  
  to define, for the data masking engine, one or more data masking rules,to detect data processed by the software application executing in accordance with a given data masking rule, andto perform a data masking operation on the detected data in accordance with the given data masking rule.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus according to claim 9, wherein the plurality of software environments comprise software containers.
  - 11. The apparatus according to claim 9, wherein the data masking operation is selected from a group consisting of masking the data and unmasking the data.
  - 12. The apparatus according to claim 9, wherein the data masking engine is executed in a first software environment, and wherein the processor is configured to execute the software application in a second software environment, different from the first software environment.

13. A computer program product, the computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to provide a platform as a service (PaaS) including a plurality of software environments, to deploy a software application in one of the software environments of the PaaS software, to execute a data masking engine in one of the software environments of the PaaS software, wherein the data masking engine monitors inbound or outbound traffic of the deployed software application, passing through endpoints of the software application, supplied by the PaaS software, and to define, for the data masking engine one or more data masking rules;
  
  computer readable program code configured to detect, by the data masking engine, data processed by the software application executing in accordance with a given data masking rule; and
  
  computer readable program code configured to perform, by the data masking engine, a data masking operation on the detected data in accordance with the given data masking rule.
- View Dependent Claims (14, 15, 16)
- - 14. The computer program product according to claim 13, wherein the plurality of software environments comprise software containers.
  - 15. The computer program product according to claim 13, wherein the data masking operation is selected from a group consisting of masking the data and unmasking the data.
  - 16. The computer program product according to claim 13, wherein the PaaS based software environment comprises a first PaaS based software environment, and comprising computer readable program code configured to execute the first software application in a second PaaS based software environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Farkash, Ariel, Gokhman, Igor, Goldsteen, Abigail, Moffie, Micha
Primary Examiner(s)
McNally, Michael S

Application Number

US14/929,348
Publication Number

US 20170124341A1
Time in Patent Office

793 Days
Field of Search

726 30
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

Seamless data masking for PaaS based applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Seamless data masking for PaaS based applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links